Exactly two years ago we introduced our extended databases.
These databases protect against AdWare, RiskWare and PornWare. Some people like to refer to the extended databases simply as anti-spyware protection, but we actually detect much more than just that with the help of these databases, most notably RiskWare programs.
Back then we still had cumulative updates and the extended databases consisted of three components: advware.avc, riskware.avc and pornware.avc.
Later two of those names changed to adware.avc and obscene.avc. Since the beginning of this year we have simply combined them into a single extxxx.avc database, where each x stands for a decimal digit. However, we've actually been detecting these types of threats for much longer than two years.
Before we introduced the extended databases the detection of AdWare etc. was included in x-files.avc.
Two years ago it was special to have a separate option to cover such threats, now it is a much more common feature for antivirus programs.
You can select the extended databases by going to KAV's settings, clicking on Threats and exclusions, and then selecting the extended database.
Be sure to read the pop-up message when choosing a database from the dropdown list.
MSN released version 7 of their Messenger yesterday.
In addition to some other new features, the new version also incorporates functions to prevent the spreading of malware.
The developers have taken some serious steps to prevent the sharing or spreading of .pif files. Any incoming or outgoing message with a ".pif" in it will be blocked completely.
Too bad that MSNM doesn't tell you that this is happening. Messages won't get delivered to the recipient, but neither the recipient nor sender will be notified that the message has been blocked. Not very user-friendly, IMHO.
In addition to filtering messages, MSN 7 also filters incoming file transfers. This filtering applies to executables (with extensions such as .exe, .com, .scr etc.) and to other potentially dangerous file types such as .vbs and .reg.
We've already seen IM-worms which spread in the form of a link to .scr files, so the measures that MSN developers have taken won't be 100% effective. But I think the complete blocking of .pif files is the most important innovation, as it's IM-worms spreading as .pif files which have been the most 'successful' to date.
Although some users may not like this kind of filtering, I think in the long run we're better off. IM-worms are becoming more and more common. Sooner or later users will have to learn to live with security measures designed to combat their spread.
Kudos to our development folks who've come up with a public beta version of the interesting KAV Web Scanner, a free service which scans your computer for viruses, and runs directly from a web page on our site.
We encourage everybody go ahead and take a look:
Please keep in mind this is not a finished product so we are especially interested in any opinions and/or suggestions you may have. Feedback, queries and (ahem) bug reports should go to: webscannerbeta (at) kaspersky (dot) com
We have put together a new removal tool that detects and disinfects malware on smartphones and other mobile devices running Symbian OS.
It's available for download and is effective until May 1, 2005.
OS Supported: Symbian OS 6.1, 7.0.
Devices supported: Series 60 smartphones.
Note: This version was tested on Nokia 3650, Nokia 7650, Nokia 6600, Siemens SX1.
Download the utility directly to your smartphone via WAP, or download it to your PC and copy it to the device (size is 9.2 KB).
Install it as a common Symbian application package by opening the message that you receive when downloading the file.
You will need to download and install the utility again every time you would like to update the antivirus databases (we recommend that you do this when you hear of new malware for Symbian OS).
Microsoft has released a beta version of its antispyware program.
Response from the IT community has been mixed so far, not surprisingly.
For instance, today we received a report about MS AntiSpyware flagging a suspicious file:
"c:\winnt\system32\notpad.exe" was detected as a Remote Administration Tool.
This file, which was a French version of Notepad, would normally be called notepad.exe. For some reason we don't know, it had been renamed notpad.exe.
When we looked closely, it was clear what this file was. So we figured that MS AS had a faulty signature meaning this particular French version of notepad is detected as ItEye RAT.
Not every version (language, build) of every (Windows) file gets tested to check for false alarms, so this might have slipped by.
However we quickly realized that it was the combination of file name/location that made MS AntiSpyware go off.
In fact, the beta version of MS AntiSpyware detects any file with the name "notpad.exe" - even a completely empty one - residing in %sysdir% as being this particular RAT.
So at least a part of the "ItEye RAT" detection is strictly based on filename/location, which can result in situations like these.
Because of this, we think it's best to detect files by file signatures, not location.
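To make the difference concrete, here is an added example (not code from Kaspersky or from Microsoft's product) that puts a hypothetical name/location rule of the kind described above beside a content-hash rule and runs both over three constructed files. The "known RAT" bytes and the file names are made up for the demonstration; the point is that the name/location rule flags an empty file called notpad.exe in the system directory and misses the same "bad" content under another name, while the content rule does the opposite.

```python
"""Filename/location rule vs. content signature (added example, constructed data)."""
import hashlib
import os
import tempfile
from typing import Dict, Optional, Tuple

# Constructed bytes standing in for a known RAT sample. This is not real malware;
# we only pretend its hash came from a signature database.
KNOWN_BAD_CONTENT = b"MZ\x90\x00 constructed fake RAT sample"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest()}


def detect_by_name_and_location(path: str, system_dir: str) -> Optional[str]:
    """Hypothetical rule of the kind the post describes: any file called
    notpad.exe inside the system directory is flagged, whatever it contains."""
    directory, name = os.path.split(os.path.abspath(path))
    same_dir = os.path.normcase(directory) == os.path.normcase(os.path.abspath(system_dir))
    if name.lower() == "notpad.exe" and same_dir:
        return "RAT (name/location rule)"
    return None


def detect_by_content_hash(path: str, bad_hashes=KNOWN_BAD_HASHES) -> Optional[str]:
    """Content rule: flag a file only if its SHA-256 matches a known sample,
    regardless of what it is called or where it sits."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    if digest.hexdigest() in bad_hashes:
        return "RAT (content hash)"
    return None


def scan(path: str, system_dir: str) -> Tuple[Optional[str], Optional[str]]:
    """Run both rules over one file; returns (name/location verdict, content verdict)."""
    return detect_by_name_and_location(path, system_dir), detect_by_content_hash(path)


def run_scenario() -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Three constructed files, each under its own fake %sysdir%, through both rules."""
    cases = {
        # 1: a completely empty file named notpad.exe in the system directory
        "empty_notpad_in_sysdir": ("system32", "notpad.exe", b""),
        # 2: the "known bad" content under an innocuous name in the system directory
        "rat_renamed_in_sysdir": ("system32", "svchost32.exe", KNOWN_BAD_CONTENT),
        # 3: notpad.exe outside the system directory, harmless content
        "notpad_outside_sysdir": ("Temp", "notpad.exe", b"MZ\x90\x00 constructed benign bytes"),
    }
    results: Dict[str, Tuple[Optional[str], Optional[str]]] = {}
    with tempfile.TemporaryDirectory() as root:
        for label, (subdir, name, content) in cases.items():
            case_dir = os.path.join(root, label, subdir)
            os.makedirs(case_dir)
            path = os.path.join(case_dir, name)
            with open(path, "wb") as fh:
                fh.write(content)
            system_dir = os.path.join(root, label, "system32")  # the fake %sysdir%
            results[label] = scan(path, system_dir)
    return results


if __name__ == "__main__":
    for label, (by_name, by_hash) in run_scenario().items():
        print(f"{label:24s} name/location={by_name!r:28s} content-hash={by_hash!r}")
```

The empty file is the false positive from the report; the renamed sample is the matching false negative, which is the other half of why a name/location match is a poor substitute for a content signature.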
Microsoft has just announced the availability of their Anti-Spyware software tool, based on previous code purchased at the end of the past year from NY-based "Giant". The software download is a 6.4MB executable which can be obtained from:
Keep in mind that as any other beta software, this may have unexpected results. Test it on a spare system before running it on your production servers!
Also keep in mind that KAV can detect and remove many kinds of spyware by simply activating the download and usage of 'extended databases', in the Updater Configuration panel.
With the delayed release of Longhorn and Novell's recent announcement of Novell Linux, based on its earlier purchase of German Linux developer SuSE, the OS wars are reaching new heights.
One of the most praised and popular operating systems a couple of years ago, Solaris started to fade out of the scene when Sun became more interested in Linux than supporting its own OS. A real pity, since Solaris was a nicely designed modern operating system, had better security features than many other commercial solutions and benefited from coherent updates from its developers.
From this point of view, we salute Sun's initiative to revive Solaris and freely distribute version 10 for x86 and SPARC machines, hence rejoining the OS wars with a fresh, new approach!
Of course, Solaris is no longer such a strong presence on the Unix OS market. Linux is getting better every day and likely has more ports than any other OS out there, and distributions such as Fedora Core 3 benefit from easy and straightforward updates with a mouse click. How the new Solaris 10 will fare on today's market cannot be guessed at this stage of the story.
Discovered in 2001, 'Sadmind' (aliases: SunOS/BoxPoison, Solaris/Sadmind.worm) is still the only known Solaris worm at the moment. You can find a description of Sadmind in our Virus Encyclopedia.
Just at the time three variants of Bofra (previously detected by us as Mydoom) started spreading thanks to a brand new exploit in Microsoft's Internet Explorer, Mozilla Foundation released version 1.0 of Firefox, their free Internet browser.
With IE becoming more and more complex, filled with tons of undocumented features (read bugs) and being the number one target for malware developers worldwide, now may be a really good time to try an alternative - if you haven't already.
From this point of view, Firefox seems to be a nice replacement. At least until major vulnerabilities start to be found in it as well.
You can download Firefox 1.0 here.